On August 10, 2022, NAF, Inc. reported a data breach with the various state attorney generals’ offices. While these filings do not indicate which type of information was compromised as a result of the incident, based on state data breach reporting requirements, it is likely that the incident affected one or more of the following: Social Security numbers, protected health information, or financial account information. After confirming the breach and identifying all affected parties, NAF began sending out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the NAF data breach, please see our recent piece on the topic here.
What We Know About the NAF Data Breach
The information about the NAF, Inc. data breach comes from an official filing with the office of the Vermont Attorney General. According to the most current information, on March 30, 2022, NAF detected unusual activity within its computer network. In response, the organization secured its systems and contacted outside cybersecurity professionals to assist with the company’s investigation.
The NAF investigation confirmed that an unauthorized party gained access to the company’s computer network on March 19, 2022, which lasted until the company discovered the breach on March 30, 2022. The investigation also revealed that the unauthorized party had access to files on the NAF system that potentially contained sensitive consumer information.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, NAF began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. In the organization’s most recent filings, it does not disclose the data elements that were compromised as a result of the breach. However, because organizations only need to report incidents that affect highly sensitive and personal information, there is a reasonable probability that the NAF data…